Lista CVE - 2008 / Marzo
Visualizzazione 201 - 300 di 520 CVE per Marzo 2008 (Pagina 3 di 6)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2008-1304 | 2008-03-12 | Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and... |
| CVE-2008-1305 | 2008-03-12 | SQL injection vulnerability in filebase.php in the Filebase mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-1306 | 2008-03-12 | Multiple cross-site scripting (XSS) vulnerabilities in Savvy Content Manager (CM) allow remote attackers to inject arbitrary web script or HTML via the searchterms parameter to (1) searchresults.cfm, (2) search_results.cfm, and... |
| CVE-2008-1307 | 2008-03-12 | Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in UpdateOcx2.dll in Beijing KingSoft Antivirus Online Update Module 2007.12.29.29 allows remote attackers to execute arbitrary code via a long argument... |
| CVE-2008-1308 | 2008-03-12 | SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php. |
| CVE-2008-1309 | 2008-03-12 | The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for... |
| CVE-2008-1310 | 2008-03-12 | Directory traversal vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to read and overwrite arbitrary files via directory... |
| CVE-2008-1311 | 2008-03-12 | The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earlier allows remote attackers to cause a denial of service (daemon hang) by uploading a file named (1) '|'... |
| CVE-2008-1312 | 2008-03-12 | Unspecified vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to cause a denial of service (daemon crash) via... |
| CVE-2008-1313 | 2008-03-12 | Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) post_id, (2) post_category_id, (3) post_year_month, and (4) static_page_id... |
| CVE-2008-1314 | 2008-03-12 | SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php. |
| CVE-2008-1299 | 2008-03-12 | Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE:... |
| CVE-2008-1315 | 2008-03-13 | SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter to modules.php. |
| CVE-2008-1316 | 2008-03-13 | SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute QuickTalk Forum 1.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-1317 | 2008-03-13 | Unspecified vulnerability in the Inter-Process Communication (IPC) message queue subsystem in Sun Solaris 10 allows local users to cause a denial of service (reboot) via blocked I/O message queues. |
| CVE-2008-1318 | 2008-03-13 | Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results. |
| CVE-2008-1319 | 2008-03-13 | Untrusted search path and argument injection vulnerability in the VersantD service in Versant Object Database 7.0.1.3 and earlier, as used in Borland CaliberRM and probably other products, allows remote attackers... |
| CVE-2008-1320 | 2008-03-13 | Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (crash) via (1) a long request to... |
| CVE-2008-1321 | 2008-03-13 | The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier does require authentication, which allows remote attackers to cause a denial of service (service termination) via the exit command to... |
| CVE-2008-1322 | 2008-03-13 | The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query... |
| CVE-2008-1323 | 2008-03-13 | Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete action. |
| CVE-2008-1324 | 2008-03-13 | Multiple directory traversal vulnerabilities in index.php in Travelsized CMS 0.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page_id and... |
| CVE-2008-1325 | 2008-03-13 | Multiple directory traversal vulnerabilities in index.php in Uberghey CMS 0.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page_id and... |
| CVE-2008-1326 | 2008-03-13 | Cross-site scripting (XSS) vulnerability in search.php in Gallarific allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown;... |
| CVE-2008-1327 | 2008-03-13 | Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information... |
| CVE-2007-6707 | 2008-03-13 | Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified... |
| CVE-2007-6708 | 2008-03-13 | Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary... |
| CVE-2007-6709 | 2008-03-13 | The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to... |
| CVE-2008-1334 | 2008-03-13 | cgi/b on the BT Home Hub router allows remote attackers to bypass authentication, and read or modify administrative settings or make arbitrary VoIP telephone calls, by placing a character at... |
| CVE-2008-1335 | 2008-03-13 | The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 and NetBSD-current before 20071028, when the fast_ipsec subsystem is enabled, allows remote attackers to bypass the IPsec policy by... |
| CVE-2008-1336 | 2008-03-13 | SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows remote attackers to execute arbitrary SQL commands via the categ parameter in a links action to index.php, a different vector... |
| CVE-2008-0532 | 2008-03-14 | Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary... |
| CVE-2008-0533 | 2008-03-14 | Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to... |
| CVE-2008-1117 | 2008-03-14 | Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote... |
| CVE-2008-1118 | 2008-03-14 | Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows... |
| CVE-2008-1157 | 2008-03-14 | Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary... |
| CVE-2008-1337 | 2008-03-14 | The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier for Windows allows remote attackers to cause (1) a denial of service (daemon crash) via an invalid Version... |
| CVE-2008-1338 | 2008-03-14 | The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within... |
| CVE-2008-1343 | 2008-03-17 | Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors. |
| CVE-2008-1344 | 2008-03-17 | Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in a dayview action to plugins/calendar/calendar_backend.php and... |
| CVE-2008-1345 | 2008-03-17 | Cross-site scripting (XSS) vulnerability in plugins/calendar/calendar_backend.php in MyioSoft EasyCalendar 4.0tr and earlier allows remote attackers to inject arbitrary web script or HTML via the day parameter in a dayview action. |
| CVE-2008-1346 | 2008-03-17 | SQL injection vulnerability in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action. |
| CVE-2008-1347 | 2008-03-17 | Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the... |
| CVE-2008-1348 | 2008-03-17 | Cross-site scripting (XSS) vulnerability in index.php in the eWebsite eWeather (Weather) module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the chart parameter to modules.php. |
| CVE-2008-1349 | 2008-03-17 | SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Galerie) 3.03 and 3.041 module for eXV2 2.0.6 allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| CVE-2008-1350 | 2008-03-17 | SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an article action. |
| CVE-2008-1351 | 2008-03-17 | SQL injection vulnerability in the Tutorials 2.1b module for XOOPS allows remote attackers to execute arbitrary SQL commands via the tid parameter to printpage.php, which is accessible directly or through... |
| CVE-2008-1352 | 2008-03-17 | Directory traversal vulnerability in search.php in EdiorCMS (ecms) 3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the _SearchTemplate parameter during a Title search. |
| CVE-2008-1341 | 2008-03-17 | SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFront 6 before SP8 allows remote attackers to execute arbitrary SQL commands via the CategoryId parameter. NOTE: the provenance of this information is... |
| CVE-2008-1342 | 2008-03-17 | Multiple cross-site scripting (XSS) vulnerabilities in the search feature in Polymita BPM-Suite and CollagePortal allow remote attackers to inject arbitrary web script or HTML via the (1) _q and (2)... |
| CVE-2008-1353 | 2008-03-17 | zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or... |
| CVE-2008-1354 | 2008-03-17 | SQL injection vulnerability in MyIssuesView.asp in Advanced Data Solutions Virtual Support Office-XP (VSO-XP) allows remote attackers to execute arbitrary SQL commands via the Issue_ID parameter. |
| CVE-2008-1355 | 2008-03-17 | Cross-site scripting (XSS) vulnerability in index.php in Jeebles Technology Jeebles Directory 2.9.60 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: the provenance of... |
| CVE-2008-1356 | 2008-03-17 | Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Desktop System (JDS), when using the GNOME On-Screen Keyboard (GOK), allows local users to bypass authentication via unknown vectors that cause... |
| CVE-2008-1357 | 2008-03-17 | Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote... |
| CVE-2008-1358 | 2008-03-17 | Stack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute arbitrary code via a FETCH command with a long BODY. |
| CVE-2008-1359 | 2008-03-17 | Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector... |
| CVE-2008-1360 | 2008-03-17 | Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624. |
| CVE-2008-0888 | 2008-03-17 | The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly... |
| CVE-2008-1365 | 2008-03-17 | Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary... |
| CVE-2008-1366 | 2008-03-17 | Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process... |
| CVE-2008-1367 | 2008-03-17 | gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag... |
| CVE-2008-0727 | 2008-03-18 | Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated... |
| CVE-2008-0949 | 2008-03-18 | Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet. |
| CVE-2008-1368 | 2008-03-18 | CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the... |
| CVE-2008-1330 | 2008-03-18 | Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages... |
| CVE-2008-1369 | 2008-03-18 | A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor,... |
| CVE-2008-1370 | 2008-03-18 | PHP remote file inclusion vulnerability in index.php in wildmary Yap Blog 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance... |
| CVE-2008-1371 | 2008-03-18 | Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the... |
| CVE-2008-1372 | 2008-03-18 | bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS... |
| CVE-2008-0044 | 2008-03-18 | Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via... |
| CVE-2008-0045 | 2008-03-18 | Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names. |
| CVE-2008-0046 | 2008-03-18 | The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user... |
| CVE-2008-0048 | 2008-03-18 | Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via the a long file name to the NSDocument API. |
| CVE-2008-0049 | 2008-03-18 | AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via... |
| CVE-2008-0050 | 2008-03-18 | CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. |
| CVE-2008-0051 | 2008-03-18 | Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data. |
| CVE-2008-0057 | 2008-03-18 | Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list. |
| CVE-2008-0997 | 2008-03-18 | Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted... |
| CVE-2008-1383 | 2008-03-18 | The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from... |
| CVE-2008-0047 | 2008-03-18 | Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote... |
| CVE-2008-0052 | 2008-03-18 | CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even... |
| CVE-2008-0053 | 2008-03-18 | Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file. |
| CVE-2008-0054 | 2008-03-18 | Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to... |
| CVE-2008-0055 | 2008-03-18 | Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to... |
| CVE-2008-0056 | 2008-03-18 | Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow... |
| CVE-2008-0058 | 2008-03-18 | Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to... |
| CVE-2008-0059 | 2008-03-18 | Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." |
| CVE-2008-0060 | 2008-03-18 | Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list... |
| CVE-2008-0987 | 2008-03-18 | Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to... |
| CVE-2008-0988 | 2008-03-18 | Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger... |
| CVE-2008-0989 | 2008-03-18 | Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname. |
| CVE-2008-0990 | 2008-03-18 | notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service... |
| CVE-2008-0992 | 2008-03-18 | Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value. |
| CVE-2008-0993 | 2008-03-18 | Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process... |
| CVE-2008-0994 | 2008-03-18 | Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force... |
| CVE-2008-0995 | 2008-03-18 | The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via... |
| CVE-2008-0996 | 2008-03-18 | The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to... |
| CVE-2008-0998 | 2008-03-18 | Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed... |
| CVE-2008-0999 | 2008-03-18 | Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference. |